我正在尝试使用 openLDAP 创建多个 dn 后缀,但似乎不起作用。
我想要这个:
ou=Jamaika,dc=gov,dc=com
ou=Jamaiks-shadow,dc=gov-shadow,dc=com-shadow
看起来应该是这样的:https://i.stack.imgur.com/Akw2O.jpg
我可以创建 dc=com,但不能创建 dc=com-shadow。
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
我无法cn=config使用不同后缀的 rootDN 进行查询:
/products/openldap-2.4.40/bin/ldapsearch -h xxxx -p xxxx -D cn=admin,dc=com -b cn=config -W
Enter LDAP Password:
# extended LDIF
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# search result
search: 2
result: 32 No such object
# numResponses: 1
配置文件
database bdb
suffix "dc=com"
rootdn "cn=admin,dc=com"
rootpw ....
directory /products/openldap-2.4.40/var/openldap-data
loglevel 64
index objectClass eq
access to dn.base="" by * read
access to dn.base="dc=com" by * read
但我不想有这样的情况:
配置文件
database bdb
suffix "dc=com"
rootdn "cn=admin,dc=com"
rootpw ....
directory /products/openldap-2.4.40/var/openldap-data
loglevel 64
index objectClass eq
access to dn.base="" by * read
access to dn.base="dc=com" by * read
database bdb
suffix "dc=com-shadow"
rootdn "cn=admin,dc=com-shadow"
rootpw ....
directory /products/openldap-2.4.40/var/openldap-data
loglevel 64
index objectClass eq
access to dn.base="" by * read
access to dn.base="dc=com" by * read
因为我在一个 LDAP 系统中有两个用户。